log in web - PHP Online
Form of PHP Sandbox
*** This page was generated with the meta tag "noindex, nofollow". This happened because you selected this option before saving or the system detected it as spam. This means that this page will never get into the search engines and the search bot will not crawl it. There is nothing to worry about, you can still share it with anyone.
Enter Your PHP code here for testing/debugging in the Online PHP Sandbox. As in the usual PHP files, you can also add HTML, but do not forget to add the tag <?php
in the places where the PHP script should be executed.
Result of php executing
Full code of log in web.php
- <?php
- session_start();
- // Check if the user is already logged in, if yes, redirect to home page
- if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
- header("location: home.php");
- exit;
- }
- // Include config file
- require_once "config.php";
- // Define variables and initialize with empty values
- $username = $password = "";
- $username_err = $password_err = "";
- // Processing form data when form is submitted
- if($_SERVER["REQUEST_METHOD"] == "POST"){
- // Check if username is empty
- if(empty(trim($_POST["username"]))){
- $username_err = "Please enter username.";
- } else{
- $username = trim($_POST["username"]);
- }
- // Check if password is empty
- if(empty(trim($_POST["password"]))){
- $password_err = "Please enter your password.";
- } else{
- $password = trim($_POST["password"]);
- }
- // Validate credentials
- if(empty($username_err) && empty($password_err)){
- // Prepare a select statement
- $sql = "SELECT id, username, password FROM users WHERE username = ?";
- if($stmt = $mysqli->prepare($sql)){
- // Bind variables to the prepared statement as parameters
- $stmt->bind_param("s", $param_username);
- // Set parameters
- $param_username = $username;
- // Attempt to execute the prepared statement
- if($stmt->execute()){
- // Store result
- $stmt->store_result();
- // Check if username exists, if yes then verify password
- if($stmt->num_rows == 1){
- // Bind result variables
- $stmt->bind_result($id, $username, $hashed_password);
- if($stmt->fetch()){
- if(password_verify($password, $hashed_password)){
- // Password is correct, start a new session
- session_start();
- // Store data in session variables
- $_SESSION["loggedin"] = true;
- $_SESSION["id"] = $id;
- $_SESSION["username"] = $username;
- // Redirect user to home page
- header("location: home.php");
- } else{
- // Display an error message if password is not valid
- $password_err = "The password you entered was not valid.";
- }
- }
- } else{
- // Display an error message if username doesn't exist
- $username_err = "No account found with that username.";
- }
- } else{
- echo "Oops! Something went wrong. Please try again later.";
- }
- // Close statement
- $stmt->close();
- }
- }
- // Close connection
- $mysqli->close();
- }
- ?>